General Troubleshooting Steps

If you suspect that there is a problem with your VSX configuration, there are several diagnostic procedures that you can follow to determine the source.

These procedures utilize various commands documented in the Command Line Reference.

  1. Perform a basic configuration check for each VSX Gateway or VSX Cluster Member by running the "vsx stat -v" command. The output will allow you to:

    1. Account for all Virtual Systems and make sure that none are missing from the configuration.

    2. Make sure all Virtual Devices are Active.

    3. Make sure the correct Security Policy is installed for each Virtual System.

    4. Make sure the SIC trust is established with the Management Server.

  2. Run the "cplic print" command on each VSX Gateway, VSX Cluster Member and Management Server to make sure the appropriate licenses are installed.

  3. Run the "cphaprob stat" command on each VSX Cluster Member to verify its status. If a member is listed with a status other than Active, Standby, or Backup, refer to the "Troubleshooting" chapter in the R82 ClusterXL Administration Guide for additional troubleshooting assistance.

  4. If you suspect that a Virtual System is experiencing connectivity problems, perform the following steps:

    1. Run the "vsenv <VSID>" command to set the context to the appropriate Virtual System.

    2. Run the "fw getifs" command to display the interface list for the Virtual System.

    3. Examine connectivity status using standard operating system commands and tools such as ping, traceroute, tcpdump, ip route, ftp, and so on. Some of these run according to context (that is, routing, source and destination IP addresses).

    You can also execute the "ip route" and "ip link" commands.

    If these tests indicate that all interfaces and routers have connectivity, and appear to be functioning correctly, you should monitor the passage of packets through the system.

  5. Execute the "fw monitor -v <VSID>" command to capture details of packets at multiple points. This may return multiple reports on the same packet as it passes various capture points. This command does not report on Virtual Routers, except for packets destined to an external Virtual Router.

  6. Execute the "tcpdump" command to display transmitted or received packets for specific interfaces, including Warp interfaces. This often provides valuable clues for resolving connectivity issues.
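
The status check in step 3 can be scripted when there are many VSX Cluster Members to review. The following is an added example, not part of the Check Point documentation: it filters "cphaprob stat" output for members whose state is not Active, Standby, or Backup. The function names and the sample output are constructed, and the column layout (state in the field after the load percentage) is an assumption to confirm against the output of your version.

```shell
#!/bin/sh
# Added example (not Check Point code): flag cluster members that step 3
# says need further troubleshooting.

# Constructed sample, not captured from a real system. The column layout
# is an assumption; compare it with real "cphaprob stat" output first.
sample_cphaprob_stat() {
cat <<'EOF'
Cluster Mode:   High Availability (Active Up) with IGMP Membership

ID         Unique Address  Assigned Load   State          Name

1 (local)  192.0.2.1       100%            ACTIVE         member1
2          192.0.2.2       0%              STANDBY        member2
3          192.0.2.3       0%              DOWN           member3
EOF
}

# Reads "cphaprob stat" output on stdin.
# Prints "ID STATE NAME" for every member whose state is not exactly
# ACTIVE, STANDBY or BACKUP (any other string is flagged), and
# "ID UNPARSED -" for a member row that does not fit the assumed layout,
# so that an unexpected format is never reported as healthy.
# Exit status: 0 if every member is healthy, 1 otherwise.
flag_unhealthy_members() {
    awk '
        BEGIN { bad = 0 }
        $1 ~ /^[0-9]+$/ {                      # member rows start with an ID
            state = ""; name = ""
            for (i = 2; i < NF; i++) {
                if ($i ~ /^[0-9]+%$/) {        # the load column, e.g. "100%"
                    state = toupper($(i + 1))
                    name = $(i + 2)
                    break
                }
            }
            if (state == "") { print $1, "UNPARSED", "-"; bad = 1; next }
            if (state != "ACTIVE" && state != "STANDBY" && state != "BACKUP") {
                print $1, state, name
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# On a VSX Cluster Member:  cphaprob stat | flag_unhealthy_members
# Offline, with the sample: sample_cphaprob_stat | flag_unhealthy_members
```

A non-zero exit status means at least one member needs the follow-up described in step 3.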